Denial of Service Vulnerability in SAP Commerce Cloud
CVE-2019-0322

7.5HIGH

Key Information:

Vendor
SAP
Status
SAP Commerce Cloud (ex SAP Hybris Commerce) (hy Com)
Vendor
CVE Published:
10 July 2019

Summary

SAP Commerce Cloud, previously known as SAP Hybris Commerce, is susceptible to a Denial of Service vulnerability that enables attackers to disrupt access for legitimate users. By exploiting this flaw, an adversary can either crash the service or inundate it with traffic, effectively preventing users from reaching the services they need. This situation poses serious operational challenges and user experience issues, requiring prompt attention to mitigate associated risks.

Affected Version(s)

SAP Commerce Cloud (ex SAP Hybris Commerce) (HY_COM) < 6.3 < 6.3

SAP Commerce Cloud (ex SAP Hybris Commerce) (HY_COM) < 6.4 < 6.4

SAP Commerce Cloud (ex SAP Hybris Commerce) (HY_COM) < 6.5 < 6.5

References

http://www.securityfocus.com/bid/109076
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2781873
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.